Edin Dizdarevic edin.dizdarevic at ...7509...
Thu Apr 1 01:05:02 EST 2004

Hi Snort Man!

First of all, read the old postings about this, since there are many.
(This had to be said, sorry...)

You have provided far too less information:
- Your OS
- Your configuration vars
- Your command line
- Your network environment

This could be a combination of two configuration errors you possibly may
have done:

1. You have defined your HOME_NET and EXTERNAL_NET to "any"
2. You're running snort with "-i any" (on Linux)

Connecting to your local webserver may under these circumstances trigger
those alerts. Check that. Also remember: Both things are tendentially
bad workarounds, try to avoid them.

You're getting some spoofed packets from the "outside". Check your
packet filters and keep an eye on it. Nothing unusual nowadays.

For the loopback stuff check R.W. Stevens.


Snort Man schrieb:

> Dear All I am new to this snort thing. I installed snort and 70% of 
> the traffice is as follows.. loopback address port 80 is sending 
> requests to internal and external addresses. can anybody please 
> explaing what is this ??

Edin Dizdarevic

More information about the Snort-users mailing list